CVE-2013-2796

Published: Aug 9, 2013Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (6)

Products: Schneider Electric: Citectscada, Powerlogic Scada, Vijeo Citect

3 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Citectscada	Up to 7.20
Schneider Electric Citectscada	Version 7.10
Schneider Electric Powerlogic Scada	Up to 7.20
Schneider Electric Powerlogic Scada	Version 7.10
Schneider Electric Vijeo Citect	Up to 7.20
Schneider Electric Vijeo Citect	Version 7.10

Related CWEs

CWE-264

References (4)

http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02

Source: ics-cert@hq.dhs.gov

US Government Resource

http://www.citect.schneider-electric.com/cs-HF720SP459363

Source: ics-cert@hq.dhs.gov

Patch

http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.citect.schneider-electric.com/cs-HF720SP459363

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.